Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions conf/extra/httpd-vhosts.conf
Original file line number Diff line number Diff line change
Expand Up @@ -2,33 +2,33 @@ ServerName ${APACHE_SERVERNAME}

# HTTP (default virtual host)
<VirtualHost *:80>
# Allow virtual-host config overrides (overrides go first, as Apache picks the first instance of a directive)
# Using a glob pattern in the file name to avoid creating an empty config by default
IncludeOptional conf/custom/httpd-vhost-overrides.con[f]
# Standard virtual-host configuration
Include conf/extra/includes/host.conf
# Allow virtual-host config overrides (overrides go last, as Apache uses the last instance of a directive)
# Using a glob pattern in the file name to avoid creating an empty config by default
IncludeOptional conf/custom/httpd-vhost-overrides.con[f]
</VirtualHost>

# HTTPS (default virtual host)
<IfModule mod_ssl.c>
Listen 443
# Restrict mod_ssl to use only TLSv1.2 ciphers
# Restrict mod_ssl to strong ciphers (TLSv1.3 ciphers are configured separately)
SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
SSLHonorCipherOrder on
# Only allow the TLSv1.2 protocol
SSLProtocol TLSv1.2
SSLProxyProtocol TLSv1.2
# Allow TLSv1.2 and TLSv1.3
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLProxyProtocol -all +TLSv1.2 +TLSv1.3
# Other SSL settings
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

<VirtualHost *:443>
# Allow virtual-host config overrides (overrides go first, as Apache picks the first instance of a directive)
# Using a glob pattern in the file name to avoid creating an empty config by default
IncludeOptional conf/custom/httpd-vhost-overrides.con[f]
# Standard virtual-host configuration
Include conf/extra/includes/host.conf
# Allow virtual-host config overrides (overrides go last, as Apache uses the last instance of a directive)
# Using a glob pattern in the file name to avoid creating an empty config by default
IncludeOptional conf/custom/httpd-vhost-overrides.con[f]

SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/server.crt
Expand Down
5 changes: 5 additions & 0 deletions tests/config-directory-override/httpd-vhost-overrides.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# Override the <Directory> block from host.conf to deny access
# This tests that overrides at the same scope (container directive) take effect
<Directory "${APACHE_DOCUMENTROOT}">
Require all denied
</Directory>
5 changes: 4 additions & 1 deletion tests/config/httpd-vhost-overrides.conf
Original file line number Diff line number Diff line change
@@ -1 +1,4 @@
DirectoryIndex index2.html
# Test that a <Directory> override takes precedence over VirtualHost-level directives
<Directory "${APACHE_DOCUMENTROOT}">
DirectoryIndex index2.html
</Directory>
29 changes: 29 additions & 0 deletions tests/test.bats
Original file line number Diff line number Diff line change
Expand Up @@ -200,3 +200,32 @@ _healthcheck_wait ()
### Cleanup ###
make clean
}

@test "Configuration overrides - Directory block" {
[[ $SKIP == 1 ]] && skip

### Setup ###
VOLUMES=" \
-v $(pwd)/tests/docroot:/var/www/docroot \
-v $(pwd)/tests/config-directory-override:/var/www/.docksal/etc/apache" \
make start

run _healthcheck_wait
unset output

### Tests ###

# Test that a <Directory> override takes precedence over host.conf's <Directory> block
# This verifies the include order fix (overrides must load after the standard config)
run curl -sSk -m 1 -I http://localhost:2580
[[ "$output" =~ "HTTP/1.1 403 Forbidden" ]]
unset output

# HTTPS should also be overridden
run curl -sSk -m 1 -I https://localhost:25443
[[ "$output" =~ "HTTP/1.1 403 Forbidden" ]]
unset output

### Cleanup ###
make clean
}
Loading